Merge pull request #17 from alan-turing-institute/ssl_labs

Add missing traefik dynamic configuration template
alan-turing-institute · Jul 6, 2021 · 81ff611 · 81ff611
2 parents 7894131 + 322824d
commit 81ff611
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/ansible/templates/guacamole/traefik_dynamic_conf.yml.j2 b/ansible/templates/guacamole/traefik_dynamic_conf.yml.j2
@@ -0,0 +1,28 @@
+---
+
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        # TLS 1.3 ciphers
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        # TLS 1.2 ciphers
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+      preferServerCipherSuites: true
+{% if lets_encrypt %}
+      sniStrict: true
+{% endif %}
+
+http:
+  middlewares:
+    hsts-headers:
+      headers:
+        stsSeconds: 31536000
+        forceSTSHeader: true
+        stsPreload: true
+        stsIncludeSubdomains: true